Tsoa: Add decorator to specify Anonymous access to a controller method

Created on 20 Apr 2020  路  5Comments  路  Source: lukeautry/tsoa

If the @Security decorator is used on a controller class, there appears to be no way to override that setting for a specify method. It would be useful if there was an @AllowAnonymous decorator that we could use to override the security for a specific method - much like the AllowAnonymousAttribute in .net Core

Sorting

  • I'm submitting a ...

    • [ ] bug report
    • [x] feature request
    • [ ] support request
  • I confirm that I

    • [x] used the search to make sure that a similar issue hasn't already been submit

Expected Behavior

@Route("Foo")
@Security("BearerAuth")
export class FooController extends Controller {
  // This method implicitly has security applied to it
  @Get("foo")
  public foo() {}

  // This method implicitly has security applied to it
  @Get("bar")
  public bar() {}

  // This method is explicitly open
  @Get("baz")
  @AllowAnonymous()
  public baz() {}
}

Current Behavior

// This controller has no default security
@Route("Foo")
export class FooController extends Controller {
  // This method explicitly has security applied to it
  @Get("foo")
  @Security("BearerAuth")
  public foo() {}

  // This method explicitly has security applied to it
  @Get("bar")
  @Security("BearerAuth")
  public bar() {}

  // This method is implicitly open
  @Get("baz")
  public baz() {}
}

Possible Solution

Add an @AllowAnonymous decorator.

Context (Environment)

Version of the library: 3.0.4
Version of NodeJS: 10.19.0

  • Confirm you were using yarn not npm: [x]

Detailed Description

The current method involves removing the @Security decorator from the class and applying it to every method, except the anonymous method. This is undesirable as it an omission will default to insecure. It's also cleaner as fewer decorators are required.

Breaking change?

No

help wanted

All 5 comments

I'd like to find a better name, maybe @AllowUnauthorized() or @NoSecurity(), but the idea seems good.

@WoH I would like to add it 馃槃

I've created a PR - #684 - that might fix this (be gentle, I'm new to this project!). It has no unit tests nor any documentation at the moment, but I'd like to get the opinion of the maintainers before I go all out...

@WoH I would like to add it 馃槃

I've just realised that @dimitor115 may have meant that he wanted to do the PR rather than that he'd like to see it added. So maybe my PR isn't needed.

I've created a PR - #684 - that might fix this (be gentle, I'm new to this project!). It has no unit tests nor any documentation at the moment, but I'd like to get the opinion of the maintainers before I go all out...

Don't worry, especially because the PR looks great so far :+1:
I haven't had time to look at the details, but the approach looks good to me!

Wow, that was quicker than I expected. Thanks.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

sundowndev picture sundowndev  路  4Comments

alxwrd picture alxwrd  路  5Comments

lonix1 picture lonix1  路  5Comments

ancizararenas picture ancizararenas  路  3Comments

jeremyVignelles picture jeremyVignelles  路  3Comments